On Thu, Mar 14, 2019 at 9:16 AM Andrea Arcangeli <aarcange@xxxxxxxxxx> wrote:
> So this will be for who's paranoid and prefers to disable userfaultfd
> as a whole as a hardening feature like the bpf sysctl allows: it will
> allow to block uffd syscall without having to rebuild the kernel with
> CONFIG_USERFAULTFD=n in environments where seccomp cannot be easily
> enabled (i.e. without requiring userland changes).
>
> That's very fine with me, but then it wasn't me complaining in the
> first place. Kees?

I'm fine with a boolean. I just wanted to find a way to disable at
runtime (so distro users had it available to them).

--
Kees Cook